What is ClamAV?
ClamAV is an open-source antivirus engine for detecting trojans, viruses, malware, and other threats. Linux servers are targeted less often than Windows machines, but a web-facing server can still end up hosting malicious files that users upload, so scanning upload and web-root directories is worthwhile.
Installation

sudo apt update
sudo apt install -y clamav clamav-daemon

Update Virus Definitions
# Stop the daemon first (it locks the DB)
sudo systemctl stop clamav-freshclam
sudo freshclam
sudo systemctl start clamav-freshclam

Manual Scan
# Scan a directory
clamscan -r /var/www/html
# Scan with summary and only show infected
clamscan -ri /var/www/html
# Move infected files to quarantine
clamscan -r --move=/quarantine /var/www/html

Automated Daily Scan
#!/bin/bash
# /root/scripts/malware-scan.sh
# One log per day; /var/log/clamav is created by the package and is writable by root.
LOG="/var/log/clamav/scan-$(date +%Y%m%d).log"
# -r recurse, -i report only infected files; --exclude-dir takes a regex.
clamscan -ri /var/www /home --exclude-dir=/proc --exclude-dir=/sys > "$LOG" 2>&1
# The summary line reads "Infected files: N"; alert when N is not 0.
# (clamscan also exits 1 when something was found and 2 on error.)
if grep -q "Infected files: [^0]" "$LOG"; then
    mail -s "MALWARE FOUND on $(hostname)" admin@example.com < "$LOG"
fi

Add the script to root's crontab to run it daily at 04:00:

0 4 * * * /root/scripts/malware-scan.sh

Performance Tips
- Exclude large binary directories (/proc, /sys, /dev)
- Run scans during off-peak hours
- Use --max-filesize=25M to skip very large files
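The daily-scan script above only greps for the infected-file count, so a scan that aborts (missing database, unreadable directory) looks the same as a clean one. The following is an added example, not code from the original article, of a wrapper that uses clamscan's documented exit codes (0 clean, 1 infected, 2 error) together with the summary line, and applies the performance tips (excluded directories, --max-filesize). The paths, recipient address and the --run flag are assumptions chosen to match the article's script; the clamscan output in the comments is constructed for illustration.

```shell
#!/bin/bash
# Added example (not the article's script): malware-scan.sh with exit-code handling.
# Assumed paths/recipient, matching the article's example.
SCAN_DIRS="/var/www /home"
LOG_DIR="/var/log/clamav"
ALERT_TO="admin@example.com"

# Print N from the "Infected files: N" summary line of a clamscan log.
# Prints -1 when the line is missing (scan did not finish), so the caller
# can tell "nothing found" apart from "nothing scanned".
infected_count() {
    awk '/^Infected files:/ { print $3; found = 1 } END { if (!found) print -1 }' "$1"
}

# Classify a finished scan from clamscan's exit status and its log:
#   0 with "Infected files: 0" -> clean
#   0 without a summary line  -> incomplete (output truncated or scan killed)
#   1                          -> infected
#   anything else              -> error (clamscan uses 2; 127 = not installed)
classify_scan() {
    local status="$1" log="$2" n
    n=$(infected_count "$log")
    case "$status" in
        0) [ "$n" = "0" ] && echo clean || echo incomplete ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

main() {
    local log="$LOG_DIR/scan-$(date +%Y%m%d).log" status verdict
    # --exclude-dir takes a regex, so anchor it to the path start.
    # shellcheck disable=SC2086  # word-splitting of SCAN_DIRS is intended
    clamscan -ri $SCAN_DIRS \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --max-filesize=25M > "$log" 2>&1
    status=$?
    verdict=$(classify_scan "$status" "$log")
    case "$verdict" in
        clean)
            ;;
        infected)
            mail -s "MALWARE FOUND on $(hostname): $(infected_count "$log") file(s)" \
                "$ALERT_TO" < "$log"
            ;;
        *)
            # Alert on errors too: a silently failing scanner is a blind spot.
            mail -s "clamscan $verdict on $(hostname) (exit $status)" "$ALERT_TO" < "$log"
            ;;
    esac
    return "$status"
}

# The scan runs only when invoked with --run, so the functions above can be
# sourced and checked without touching the filesystem:
#   0 4 * * * /root/scripts/malware-scan.sh --run
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Because the cron job now also mails on exit code 2, a stale or missing signature database (freshclam stopped, database locked) produces an alert instead of a quietly empty log.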